Deprecation of SMS-based multi-factor authentication (MFA) mode

Deprecation of SMS-based multi-factor authentication (MFA) mode

Overview of SMS-based OTP MFA mode 

The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account.

SMS-based OTPs offer convenience due to their accessibility; nearly everyone possesses a mobile phone and SMS-based OTPs arrive quickly, allowing for easy and secure authentication.

However, there are some other considerations and security risks that make the SMS-based OTP one of the least preferable options for multi-factor authentication. Hence, we’ve decided to deprecate it as an MFA mode.

Reasons for deprecation 

SMS-based OTPs are susceptible to various attacks, including phishing, SIM swapping, and signaling system 7.

Phishing attack: Scammers send fake messages with links to websites that resemble our sign-in page. For example:
They trick you into entering your login details and OTPs. If you do, scammers can access your account, putting your personal information and security at risk.

SIM swapping: By knowing your phone number, a scammer can contact your telecom provider's customer service and request to transfer your phone number to a new SIM card, giving them access to your accounts and personal data without your consent.

Signaling system 7 attack: A hacker can spy on you via the cell phone signaling system, where they can listen to calls, intercept text messages, and track your phone's location, leading to serious security risks.

Considering the security threats in SMS-based OTPs and the guidelines on implementing phishing-resistant MFA given by the Cybersecurity & Infrastructure Security Agency (CISA) of the United States government, we deprecated the SMS-based OTP MFA mode.

➤ Current status
     Deprecation of SMS-based OTP MFA mode for all users who signed up after January 1, 2024.

➤ Upcoming plan
     Migration of existing users and organizations currently enforcing SMS-based OTP MFA to alternate MFA modes.  

Alternate MFA modes

If you’re an organization admin, you can set up a different MFA mode for your organization in the security policies. If you’re a personal user, you can go to the multi-factor authentication section at accounts.zoho.com and set up any of the MFA modes described below.
  • OneAuth (recommended)
    Zoho OneAuth is a multi-factor authentication app that you can use to secure your Zoho account as well as third-party accounts, including Google, Facebook, and Microsoft. With OneAuth, you can set up any of the three authentication modes: push notifications, time-based OTPs, and QR codes.

  • OTP authenticator
    OTP authenticators are apps you can use to set up MFA for your account. These apps generate new OTPs in duration you set, which you can use to sign in to your account.
    Learn how to set up an OTP authenticator.

  • Security key
    A security key is a hardware device that you link to your account to enable multi-factor authentication. Once linked, you'll need to use this key each time you sign in to verify your identity.
    Learn how to set up the security key.
If you have any questions, please write to us at support@zohoaccounts.com.


Update (December 26, 2025) - Announcement page to be shown for administrators

We’re adding a new announcement page during sign-in to help organization admins currently enforcing SMS-based OTP switch to more secure MFA modes. If you're an organization admin, you’ll be asked to update the organization's MFA method by selecting from alternatives such as OneAuth, OTP Authenticator, or Security Key. Please make sure to update your organization's security policy to stay protected and comply with the new MFA requirements.

This announcement will be in effect from 29th December, 2025 (Monday).


Info
Note: Other users who currently use SMS-based OTP will receive a corresponding announcement and guided flow soon. We will update in this post once it’s available. Users can also switch to a more secure MFA mode anytime from the Multi-factor Authentication section in the Accounts page (accounts.zoho.com).

If you have any questions, please write to us at support@zohoaccounts.com.



    • Sticky Posts

    • Deprecation of SMS-based multi-factor authentication (MFA) mode

      Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

    • Recent Topics

    • Super Admin Logging in as another User

      How can a Super Admin login as another user. For example, I have a sales rep that is having issues with their Accounts and I want to view their Zoho Account with out having to do a GTM and sharing screens. Moderation Update (8th Aug 2025): We are working

    • Es posible cambiar el lenguaje de los modulos del ASAP?

      Es posible cambiar el lenguaje de estos textos? Tengo Zoho configurado en español pero aun así me muestra estos textos en ingles:

    • Option to Automatically Publish Job Openings to the Career Website via API or Workflow

      Currently, when creating Job Openings using the Zoho Recruit API, the records are successfully inserted into the system. However, there is no way to automatically publish these Job Openings to the Career Website. In the Job Opening field data, there are

    • Evaluate applicants faster: Profile Summary and Skill Sets now in Applications

      Evaluating applicants often requires switching between modules to understand their skills and background. With this update, we’ve extended two capabilities directly to the Applications module: Skill Sets and Profile Summary. You can now review applicants

    • Free webinar: How to use passkeys with Zoho Vault

      Hi everyone! Passkeys are transforming the way we sign in—making authentication safer, faster, and completely passwordless. No more memorizing complex passwords or worrying about credential theft. With Zoho Vault, you can securely manage both passwords

    • Adding Markdown text using Zoho Desk API into the Knowledge Base

      Hi Zoho Community members, We currently maintain the documentation of out company in its website. This documentation is written in markdown text format and we would like to add it in Zoho Knowledge Base. Do you know if there is REST API functionality

    • Is it possible to embed Zoho Bookmarks in the Cliq sidebar?

      Is there any way that each Zoho user can access their bookmarks (that live in https://bookmarks.zoho.eu/ which is technically a part of Zoho Mail) directly within Cliq? As a widget, or an item in the sidebar? My team does not use Mail, it uses Cliq all

    • Enhancing Zia's service with better contextual responses and article generation

      Hello everyone, We are enhancing Zia's Generative AI service to make your support experience smarter. Here's how: Increased accuracy with Qwen One of the key challenges in AI is delivering responses that are both contextually accurate and empathetic while

    • Let us add Lookup fields in the Blueprint Transitions

      We are unable to add Lookup Fields in the blueprint transitions in Zoho Desk, we wanted to make it a requirement for our workflow but since it's not available in the transition we cannot. The lookup field exists in the Layout: But it cannot be added/selected

    • How can we clear a signature field with deluge?

      I would like to clear a signature field in the Edit -> On Load. I have tried input.signature = ""; input.signature = null; clear input.signature; None of the above is working. is there any other way I am missing?

    • Online PDF Editor

      Hello Team, There is a small glitch i found when i was using your online software called "PDF Editor", There is a menu bar on right side comes when we click on 3 dots for any pdf, but that entire menu has no options to choose, that is totally blank, please

    • How do I disconnect my Salesforce integration?

      I need to integrate a different Salesforce sandbox with my Zoho form.

    • Zoho Recruit - Email Relay

      Good day, Has anyone succeeded in setting up an email relay for Office 365? If I add the details from https://support.microsoft.com/en-us/office/pop-imap-and-smtp-settings-8361e398-8af4-4e97-b147-6c6c4ac95353, I get the connection error. Regards, Eka

    • Zoho Recruit -> Exchange Online Relay

      HI! I have tried to connect Recruit to our MS 365 Exchange Online without any luck. I use this guide https://help.zoho.com/portal/en/kb/recruit/outreach/email-relay/articles/email-relay-zoho-recruit#Configuring_Email_Relay_Settings Do anyone have the

    • Error AS101 when adding new email alias

      Hi, I am trying to add apple@(mydomain).com The error AS101 is shown while I try to add the alias.

    • an issue in Zoho CRM where the workflow rule is not triggering

      H I’m currently facing an issue in Zoho CRM where the workflow rule is not triggering when a new lead is created through a webform. I’ve double-checked the criteria and field updates, everything seems fine but it still doesn’t fire. Has anyone faced this

    • 401 Unauthenticated Error – Zoho CRM to Google Sheets Integration

      Hi I'm building an Automation Function in Zoho CRM using Deluge that appends contact data from Zoho CRM into a Google Sheet whenever a new contact is created. WHAT I'VE DONE: I created a connection in Zoho CRM (Developer Hub → Connections) with the following

    • Power up your Kiosk Studio with Real-Time Data Capture, Client Scripts & More!

      Hello Everyone, We’re thrilled to announce a powerful set of enhancements to Kiosk Studio in Zoho CRM. These new updates give you more flexibility, faster record handling, and real-time data capture, making your Kiosk flows smarter and more efficient

    • Income not showing in direct bank feed

      Hi, I am trying to enter income without knowing or mentioning customer, as i am told, my client wants single or cash basis accounting but i seriously struggling......................

    • I am not able to check in and checkout in zoho people even location access allowed

      This issue i am facing in mackbook air m1, I allowed location in chrome browser and i also tried in safari but getting similar issue. Please have a look ASAP.

    • Preview future shift rotation in Shift Schedule

      Hi, What if, instead of the current behavior, the Shift Rotation feature in Zoho People allowed users to preview future shift schedules before the scheduler execution? Currently, when a shift rotation is configured (for example, monthly rotation), the

    • Automatically Update Ticket Status in Zoho Desk Based on Actions in Zoho Projects

      Hi Zoho Desk Team, Hope you’re doing well. We’re using the Zoho Desk–Zoho Projects integration to manage tasks related to customer tickets, and it works well for linking and tracking progress. However, there are a few important automation capabilities

    • Sign Out

      Hello, I have a doubt with Permalink. I have a view created with critera to show only the records belonging to the user who has sign in. The problem is that the different users use the same computer and some times the user login keep signed, and when I send the permalink (by email) of the view, the users enter with other login signed. Moreover the permalink view doesn�t allow to do a log out. May I add something in the permalink to request always sign in? Sorry for my English. Many thanks! Regards

    • Announcing new features in Trident for Windows (v.1.39.4.0)

      Hello Community! Trident for Windows just received a major update, with a range of capabilities that focuses on strengthening communication and simplifying workflows. Let’s dive into what’s new! Upload email attachments to WorkDrive. Until now, you could

    • Introducing Automatic Field Addition (Text Tags) in Zoho Sign

      Hello, Today we are excited to announce the general availability of automatic field addition (text tags) feature in Zoho Sign. Now, you can now add text tags in the content of your documents and Zoho Sign will automatically add the corresponding fields when they are uploaded for the signing process. For example: when you add text tags to your sales orders, new employee contracts, and NDAs, Zoho Sign will add the corresponding fields when these documents are uploaded for the signing process. If you

    • Introducing Built-in Telephony in Zoho Recruit

      We’re excited to introduce Built-in Telephony in Zoho Recruit, designed to make recruiter–candidate communication faster, simpler, and fully traceable. These capabilities help you reduce app switching, handle inbound calls efficiently, and keep every

    • Write-Off multiple invoices and tax calculation

      Good evening, I have many invoices which are long overdue and I do not expect them to be paid. I believe I should write them off. I did some tests and I have some questions:  - I cannot find a way to write off several invoices together. How can I do that,

    • Splitting Transactions in Zoho Books

      I have read in past forum posts that the ability to split bank transactions would likely be implemented - it's definitely a typical accounting program feature.  I'm new to Zoho and thought I'd found nirvana until I realized this feature doesn't seem to

    • Statement Aging On Cutomer Statement

      Hello, Is it possible to put aging on customer statements? Current 1-30days 31-60days 61-90days 91-120days Over 120 days. See attached image from another accounting package. Many customers pay off a statement and clear older invoices.

    • Unveiling the next iteration of Ask Zia in Zoho CRM: An all-new chat interface, conversation history, actions, and much more

      Your CRM assistant just leveled up. Zoho CRM's Ask Zia functionality now offers a more conversational and context-aware experience to help you not just understand your data, but act on it—all from one chat window. With its redesigned interface and expanded

    • Response rate and time on social media

      Hello, I just want to know if it's possible to manage the response rate and response time from my social media on zoho social ? I don't see any statistical reports on the online scoreboard ? Thank you in advance for your response and sorry if the question has already been posted

    • Whatsapp BOT with CRM

      Hello, how do you use Whatsapp integrations in zoho CRM?

    • Ability to translate Zoho CRM Kiosks

      Hi team, Is support for translating kiosk text and screen names in the Zoho CRM translation tool planned on the roadmap? Thanks,

    • Whatsapp Limitation Questions

      Good day, I would like to find out about the functionality or possibility of all the below points within the Zoho/WhatsApp integration. Will WhatsApp buttons ever be possible in the future? Will WhatsApp Re-directs to different users be possible based

    • Editing the list of Categories in the Categorize Manually section of Banking in Zoho Books

      Hi, I need to create two new Categories called Withdrawals and Deposits to categorize payments in a bank account. How do I edit the Categories list?

    • Can I write a check in Zoho Books with no associated bill?

      This currently does not seem possible, and I have a client that desperately needs this function if I am able to convert them with Quickbooks. Thank you in advance for your reply. 

    • Internal Fillable Contract with Zoho Writer (Before Sending to Client)

      Hi everyone, I’m trying to automate the following process in Zoho CRM and would appreciate some guidance. Process: When a Deal moves to a specific stage, CRM triggers an automation. CRM sends a contract template to an internal team member so they can

    • [Free Webinar] Intelligent document processing with Zoho RPA

      Hello everyone! Greetings from the Zoho RPA team! We're excited to invite you to our upcoming webinar on intelligent document processing with Zoho RPA, where we'll introduce powerful new capabilities designed to make your automation journey smarter, faster,

    • Enhancements for Currencies in Zoho CRM: Automatic exchange rate updates, options to update record exchange rates, and more

      The multi-currency feature helps you track currencies region-wise. This can apply to Sales, CTC, or any other currency-related data. You can record amounts in a customer’s local currency, while the CRM automatically converts them to your home currency

    • When I schedule calendar appointments in zoho and invite external emails, they do not receive invites

      Hello, We have recently transitioned to zoho and are having a problem with the calendar feature. When we schedule new calendar appointments in zoho the invite emails aren't being sent to the external users that we list in participants. However, this works

    • Next Page